From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id eNPPIKIdvl9oDgAA0tVLHw (envelope-from ) for ; Wed, 25 Nov 2020 09:02:26 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id sEO4HKIdvl/GSwAA1q6Kng (envelope-from ) for ; Wed, 25 Nov 2020 09:02:26 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D8E8E9403E8 for ; Wed, 25 Nov 2020 09:02:25 +0000 (UTC) Received: from localhost ([::1]:33454 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1khqgy-00009k-Qk for larch@yhetil.org; Wed, 25 Nov 2020 04:02:24 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:51624) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1khqe4-0007Ko-G5 for emacs-orgmode@gnu.org; Wed, 25 Nov 2020 03:59:24 -0500 Received: from static.rcdrun.com ([95.85.24.50]:43355) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1khqe2-00036m-Nc for emacs-orgmode@gnu.org; Wed, 25 Nov 2020 03:59:24 -0500 Received: from localhost ([::ffff:41.202.241.56]) (AUTH: PLAIN admin, TLS: TLS1.2,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by static.rcdrun.com with ESMTPSA id 00000000002C1AE5.000000005FBE1CE8.00005297; Wed, 25 Nov 2020 08:59:19 +0000 Date: Wed, 25 Nov 2020 11:36:52 +0300 From: Jean Louis To: "Dr. Arne Babenhauserheide" Subject: Local variables liberties Message-ID: References: <87mtz84om9.fsf@localhost> <87ft4zhyuo.fsf@disroot.org> <877dqbhtgf.fsf@ucl.ac.uk> <87zh36d1xn.fsf@web.de> <87k0u9c0vm.fsf@web.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87k0u9c0vm.fsf@web.de> User-Agent: Mutt/2.0 (3d08634) (2020-11-07) Received-SPF: pass client-ip=95.85.24.50; envelope-from=bugs@gnu.support; helo=static.rcdrun.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Diego Zamboni , Texas Cyberthal , emacs-orgmode@gnu.org, Ihor Radchenko Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: "Emacs-orgmode" X-Scanner: ns3122888.ip-94-23-21.eu Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of emacs-orgmode-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=emacs-orgmode-bounces@gnu.org X-Spam-Score: 0.49 X-TUID: tD1vW+hJqzMh * Dr. Arne Babenhauserheide [2020-11-25 11:11]: > > Jean Louis writes: > > > * Dr. Arne Babenhauserheide [2020-11-24 21:51]: > >> > >> Jean Louis writes: > >> >> The start of the local variables list should be no more than 3000 > >> >> > characters from the end of the file > >> >> > >> >> > >> >> Given the length of the email, I guess this is why Emacs saw the variables > >> >> as being within the correct range. > >> > > >> > Yes thank you. I was thinking Emacs will do that only in files where > >> > it recognizes some comments or no comments and that variables need > >> > to be pretty down in the file, on the bottom. Now I learn it is not > >> > so. > >> > > >> > That is security issue. > >> > >> Why is it a security issue? The variables do need to be close to the end > >> — 3000 characters is only about 50 lines. > > > > Emacs users, Org users on our mailing lists are not so private. Their > > names and email addresses are in the public database. Spammer can > > construct phishing type of an email, including something like Org news > > or something and send such email to users. Among let us say 3000 > > people there will be percentage of users that will say Y to invoke the > > local variables due to lack of knowing what is it doing to computer. > > That isn’t what I meant with my question. What I meant is: Why is it a > security issue that the variable cannot only be at the exact end of the > file but instead can be in the last 3000 characters of the file? Not that I really answered on that meaning. In that meaning I find it troublesome that Local variables will work by formatting of any kind Example would be when there are OTHER things intertwined with local variables. The file with this text below still works, and it is not necessary that it works in that way. My eye goes to the end of file. My expectation is not that local variables work anywhere in the file just by counting number of characters as such ends of files can look any how, formatting is too free and I would make it rigid that users can look with their eyes easily to where those local variables really are. I would rather support that Local variables cannot start in the column like 10, maybe they can start in column up to 5th or something similar and that their End: cannot be longer then few lines from the bottom and to be highlighted by default. Some file Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec a diam lectus. Sed sit amet ipsum mauris. Maecenas congue ligula ac quam viverra nec consectetur ante hendrerit. Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non Local Variables: consectetur. Donec ut libero sed arcu vehicula ultricies a non ivy-mode: 1 consectetur. Donec ut libero sed arcu vehicula ultricies a non End: tortor. Lorem ipsum dolor sit amet, consectetur adipiscing ivy-mode: 1 elit. Aenean ut gravida lorem. Ut turpis felis, pulvinar a semper sed, End: adipiscing id dolor. Pellentesque auctor nisi id magna consequat sagittis. Curabitur dapibus enim sit amet elit pharetra tincidunt feugiat nisl imperdiet. Ut convallis libero in urna ultrices accumsan. Donec sed odio eros. Donec viverra mi quis quam pulvinar at malesuada arcu rhoncus. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. In rutrum accumsan ultricies. Mauris vitae nisi at sem facilisis semper ac in est.